Set Up WAF KEMP in Cloud Raya Part 1

25 May 2022 by Ahmad Naufal

While KEMP LoadMaster provides a way to distribute web workloads, it also has a feature to harden web applications: the WAF (Web Application Firewall).

A WAF, or Web Application Firewall, helps protect web applications by filtering and monitoring HTTP/S traffic between a web application and the internet. It typically protects against attacks such as cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection.

The original product of KEMP Technologies can be found at https://kemptechnologies.com/

LICENSING

KEMP VLM has two types of licenses, the paid one and the trial one.

You can go with the paid license for a production environment since it will unlock all the features that KEMP VLM has.

However, we will go with the trial license in this section since we don’t need to go to a production environment yet.

Please register your account through the Start Free Trial page to get your free trial license.

CREATE VIRTUAL MACHINE

First, deploy a virtual machine with KEMP VLM as the template image.

Access the KEMP management UI and set a new password for the administrator. Choose a password that meets the complexity requirements.

The management interface should look like the one in this picture.

ADDITIONAL PRIVATE IP + PUBLIC IP

You need to create an additional private IP and public IP, since the default private IP and public IP are used for the management interface. Follow the steps below to add a new IP to an existing VM.

  • Navigate to the KEMP VM and click Public & Private IP
  • Click Acquire New Private IP
  • Click Acquire New Public IP, and attach the public IP to the new private IP
  • Your newly acquired IP should look like the one in the following picture

Rules & Checking

Content Rules

Content Rules are needed because if 2 different websites use the same single IP on the Sub Virtual Real Server (SubVR), only the website that comes last in the order can be accessed.

Example:

Assign the content rules to each SubVS
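
How host-based content rules can pick a SubVS, shown as an added example that is not configuration from this article or from KEMP. It assumes each rule matches the request's Host header with a regular expression; the hostnames and SubVS names are placeholders. It compares loosely written patterns with anchored ones.

```python
import re

# Constructed rule sets: (rule name, Host-header pattern, SubVS it selects).
# Hostnames and SubVS names are placeholders, not values from the article.
LOOSE_RULES = [
    ("site-a", r"site-a.example.com", "SubVS-1"),
    ("site-b", r"site-b.example.com", "SubVS-2"),
]
ANCHORED_RULES = [
    ("site-a", r"^site-a\.example\.com$", "SubVS-1"),
    ("site-b", r"^site-b\.example\.com$", "SubVS-2"),
]


def normalize_host(host_header):
    """Lower-case the Host value and drop an optional :port suffix."""
    host = host_header.strip().lower()
    if host.startswith("["):           # IPv6 literal, e.g. [::1]:8080
        return host.split("]")[0] + "]"
    return host.rsplit(":", 1)[0] if ":" in host else host


def select_subvs(host_header, rules):
    """Return the SubVS of the first rule whose pattern matches, else None."""
    host = normalize_host(host_header)
    for _name, pattern, subvs in rules:
        if re.search(pattern, host):
            return subvs
    return None  # no rule matched: the request is not sent to any site


# Constructed Host headers, including ones that only resemble the real sites.
SAMPLES = [
    "site-a.example.com",
    "SITE-B.example.com:80",
    "site-a.example.com.lookalike.test",
    "site-axexample.com",
    "10.1.1.108",
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host:36} loose={select_subvs(host, LOOSE_RULES)!s:8} "
              f"anchored={select_subvs(host, ANCHORED_RULES)}")
```

With the loose patterns, the two lookalike hostnames are routed to SubVS-1; with the anchored patterns, only the exact hostnames select a SubVS.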

VIRTUAL SERVICES

A Virtual Service will contain an HTTP/S service held by the backend web server.

  • On the left pane, click Add New
  • Specify the parameters below:

| Name | Value | Description |
|---|---|---|
| Virtual Address | 10.1.1.108 | Private IP of KEMP Machine |
| Port | 80 or 443 | Common HTTP/S service port |
| Service Name (Optional) | http / https | Optional name of the service |
| Protocol | tcp | Transport protocol with a reliable connection |

Example of virtual service configuration

  • Save the Virtual Service values by clicking the Add this Virtual Service button in the right button pane

Adding and Modifying the SubVS

This SubVS will contain each virtual host configuration of the domain.

  • Navigate to Virtual Services > View/Modify Services
  • In the SubVSs row, click the Add New button on the right of the pane
  • For an HTTP SubVS, we only need to set a nickname and add HTTP as the Real Server protocol
  • The Real Server will be the web server behind the KEMP VLM

Example of HTTP SubVS and Real Server configuration

HTTPS VIRTUAL SERVICE

This section assumes you have an SSL certificate and want access to your domain to go through an HTTPS connection.

First, thin

Please create a Virtual Service with 443 as the listening port.

You may set the Real Server to port 80, since SSL termination happens on the KEMP side. Traffic between KEMP and the Real Server is then plain HTTP.

Certificate & Security

Import the SSL certificate of your domain to KEMP LoadMaster.

Then assign the available certificate to the 443 Virtual Service.

CONCLUSION

Almost there! We will continue to add some WAF rules in the next part. Please visit article part 2 here!